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Improvements In and Relating to Credential Trans f r 

M thods 

The present invention relates to credential transfer 
methods, to methods of communication and to corresponding 
systems. The present invention further relates to digital 
credential indices . 

In a distributed electronic network, such as the internet, 
when a user approaches a service provider for a service 
(which may, by way of example, be a financial transaction) 
the service provider may require in order to provide this 
service one or more credentials from the user. Generally 
a credential is a data structure provided to the user 
(sometimes referred to as the "bearer") for a purpose, 
with some acknowledged way to verify the user's right to 
use the credential. A credential normally will relate to 
an attribute such as the identity of the bearer. For 
instance, if the user is a customer seeking to purchase 
goods from a service provider, the service provider may 
require from the customer credit card details (credit card 
type, -credit card number, name on credit card and expiry 
date) , an address and perhaps other personal details such 
as, say, a passport number or phone number. In order to 
make a purchase from the service provider, the user must 
provide the service provider with the details requested. 

Such a method and system has several disadvantages. 
First, it takes control away from the user/customer (the 
term "user" from now is intended to include reference to 
"customer") . That is, the user does not have control over 
the credentials to be provided. 



Secondly, such a system and method is binary in the sense 
that the service provider provides authorisation (ie 
accepts the credentials) and allows the transaction to 
proceed or does not. There is no middle ground. 

Preferred embodiments of the present invention aim to 
obviate or overcome disadvantages of the prior, art such as 
those described above. 

According to the present invention in a first aspect, 
there is provided a credential transfer method for use on 
a distributed electronic network, the method comprising 
the steps of a sender communicating to a recipient a 
credential index comprising an index referring to at least 
one credential, the recipient selecting at least one of 
the credentials from the index of at least one credential 
provided by the sender, the recipient communicating to the 
sender an indication of the selected at least one 
credential and the sender providing to the recipient at 
least one credential corresponding to the selected at 
least "one credential. 

According to the present invention in a second aspect, 
there is provided a method of communication for use on a 
distributed electronic network, which method comprises a 
credential transfer method according to the first aspect 
of the invention. 

According to the present invention in a third aspect, 
there is provided a system configured and adapted to 



operate according to the first or second aspects of the 
invention. 

According to the present invention in a fourth aspect, 
there is provided a digital credential index comprising an 
index to at least one credential. 

The sender will generally, but not necessarily, be the 
bearer of the credentials. The sender may send data to 
the recipient directly or indirectly through a third 
party. The recipient may send data to the sender directly 
or indirectly through a third party. Reference to 
"direct" communication is via a distributed electronic 
network . 

Suitably, the method comprises the additional step of 
determining whether the at least one credential is 
sufficient and communicating the result of the 
determination to the sender. 

Suitably, the method comprises the additional step of 
determining a service level according to the at least one 
credential indexed in the credential index and the 
recipient communicating the service level to the sender. 

Suitably, the sender communicates a plurality of 
credential indices to the recipient. 

Suitably, the method comprises the additional step of 
determining a service level according to each of the 
plurality of credential indices communicated to the 
recipient by the sender and communicating the service 
level corresponding to at least one of the credential 
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indices, to the sender. Suitably, a service level is 
communicated to the sender for each credential index 
communicated to the recipient by the sender. 

Suitably, the credential comprises a digital credential. 

Suitably, the credential index comprises indices to a 
plurality of credentials. 

Suitably, the method comprises the additional step of the 
sender selecting a credential index from a plurality of 
available credential indices . 

The present invention will now be described, by way of 
example only, with reference to the drawings that follow; 
in which: 

Figure 1 is a schematic illustration of a distributed 
electronic network illustrating features of embodiments of 
the present invention. 

Figure* 2 is a functional flow diagram illustration of an 
embodiment of the present invention. 

Figure 3 is a schematic workflow diagram corresponding to 
the embodiment shown in Figure 2 . 

Figure 4 is a functional flow diagram illustration of 
another embodiment of the present invention. 

Referring to -Figure 1, there is shown a distributed 
electronic network 2 comprising a user's terminal 4 (also 



5 



used to designate the user generally) in electronic 
communication with a service provider 6 (the recipient) 
via the internet, indicated schematically at 8. In this 
embodiment the user 4 is the sender. It will be 
appreciated that embodiments of the present invention can 
be operated across other distributed electronic networks 
such as wide area networks or local area networks. 

The user 4 is the bearer of a plurality of digital 
credentials obtained previously. 

Referring to Figures 2 and 3 of the drawings that follow, 
a first embodiment of the present invention will now be 
described. 

Figure 2 is a step-by- step flow diagram of the first 
embodiment, while Figure 3 is a corresponding overview of 
the workflow. 

In step 200 (Figure 2) the user 4 creates a plurality of 
different credential indices 3 00A-N. Embodiments of the 
present invention can operate with a single credential 
index 300, but in preferred embodiments the user generates 
a plurality of credential indices 300 ready for submission 
to service providers as desired. Each credential index 
300 contains details of the credentials 302A-M the user 4 
is willing to offer to the service provider 6. The 
credentials 302A-M are those the user 4 has available for 
selection to provide to a service provider. The number of 
credentials 302 need not (and generally will not) 
correspond to the number of credential indices 300. (For 
the sake of clarity, not all credential indices nor 
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credentials are referenced in Figure 3) . So, for 
instance, the user 4 may include in a first credential 
index 30 OA reference to an address and a credit card 
details. In a second . credential index 300B the user 4 
may, for instance, include reference to a passport number 
and a telephone number. In a third credential index 300C 
the user 4 may,, for instance, include reference to their 
employer's name and address and their bank details. The 
selection of to which credentials 302 are referenced in 
which credential index 300 is left to the user 4. 

Credential indices 300 may contain simple reference to a 
credential 302 or be descriptive of the credential 302. 
For instance, the file of the credential may simply state 
that the credentials 302 are the user's name and address 
without giving any details of them. Alternatively or in 
addition the credential indices 300 may contain thumbnails 
of the relevant credentials. A thumbnail of a credential 
is a portion of it, a summary or a constrained description 
thereof. The key feature is that the credential itself is 
not disclosed. For instance a credential index 300 may 
include the first 12 digits of a credit card number or the 
first line of an address. A credential index may, 
alternatively, contain reference to, say, a credit card 
number (without disclosing the number itself) and a credit 
limit. 

In an extreme example a credential index 300 may refer to 
a single credential 302. For the purpose of the 
embodiments described it is assumed that each credential 
index 3 00 references a plurality of credentials 302. 



In step 202, the user 4 generates a package of credentials 
302 corresponding to those indicated to be available in 
step 200. The credentials 302 may be generated separately 
or be combined in single credential document. This step 
can take place earlier or later in the procedure up to 
when the user 4 provides the credentials 302. 

In step 2 04, the user 4, having decided to approach a 
service provider 6 for a service decides which credentials 
302 he/she is willing to offer to the service provider 6 
and provides a corresponding credential index to the 
service provider 6. For the present embodiment, the user 
4 offers credentials 3 02A and 3 02B referred to in a 
credential index 3 00A. The credentials 302 the user 4 is 
willing to offer to the service provider 6 may vary, for 
instance, because of the user's confidence in the security 
of the site and/or the user's knowledge of the service 
provider involved in the transaction. 

In step 206 the service provider 6, upon receipt of the 
credential index 3 00A from the user 4 reviews the 
credentials 302A and 3 02B offered decides (the decision 
making process may be automated) whether the type of 
credentials offered are sufficient to enable the service 
provider 6 to provide the service requested. If the 
service provider 6 is willing to accept the credentials 
302A and 302B for the service it responds, in step 208 
that the credentials 302A and 302B offered in the 
credential index 300A are acceptable and, in step 210, the 
user 4 transmits the credentials 302A and 302B 
corresponding to those referred to in the credential index 
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300A to the service provider 6. The service provider 6 
then, in step 212 provides the corresponding service. 

If, at step 206, the service provider 6 decides that the 
credentials 302A and 302B offered in the credential index 
300A are not sufficient for the service provider 6 to 
provide the service it informs the user 4 to that effect . 
The user 4 then has the choice of either providing a new 
index of credentials (see step 204) or terminating the 
transaction. 

Alternatively, the service provider 6 may just select one 
of the credentials 302A or 3 02B and indicate that this is 
sufficient for a transaction. The user 4 then transmits 
the relevant credential to the service provider 6. 

Referring to Figure 4 of the drawings that follow, a 
further embodiment of the present invention is 
illustrated. In Figure 4 the steps 400 to 404 correspond 
to those of steps 200 to 204 in relation to Figure 2 and 
so will not be explained in detail here. 

In step 406 the recipient 6 determines what service level 
is appropriate to the credentials 302 offered in the 
credential index 300 supplied by the user 4. So, for 
instance, in the case of the user 4 requesting a service 
for financial consideration if the user 4 communicates to 
the recipient 6 a credential index 300 referring to credit 
card details and an address, the service provider 6 
determines how much credit it will extend to the user 4 
saying it will offer services to a value up to €1,000 and 




9 



communicates this to the user 4 in step 408. Steps 410 
and 412 correspond to steps 210 and 212 in Figure 2. 

The determination by the service provider in step 406 may 
5 be to offer no service at all or some other service level, 
such as only offering certain types of service (say if 
products can only be supplied to those of a minimum age) . 

If the user 4 is not satisfied with the service level 
10 proposed by the service provider S at step 408, the user 4 
can re- institute the procedure to seek another service 
level offer from the service provider 6. 

In a modification of the embodiment of Figure 4, in steps 
15 404 the user 4 can provide to service provider 6 a 
plurality of credential indices 300 from which (as 
described in relation to Figure 4) the service provider 6 
determines for each credential index a corresponding 
service level the service provider is willing to offer. 
20 The service provider 6 therefore communicates to the user 
4 a plurality of service level indicators linked (or 
otherwise cross-referenced) to the corresponding 
credential indices, respectively. The user 4 then 

determines which service level it wishes to select based 
25 on the user's assessment of the credentials required by 
the service provider 6 for the corresponding service. The 
user 4 then communicates the credential 3 02 to the service 
provider 6 (step 410) . 

3 0 Preferred embodiments of the present invention put into 
the control of the user the decision of which credential 
to provide to a service provider. 



10 



Further, an exchange of information takes place between 
user and service provider enabling the user to find a 
suitable service level according to the credentials the 
5 user is willing to provide to the service provider. 

It is noted that although reference is made to a "service 
provider" in the preferred embodiments, the recipient of 
communication need not be the actual provider of the 
10 service. 

Communications for the present invention may be encrypted. 

The reader's attention is directed to all papers and 
15 documents which are filed concurrently with or previous to 
this specification in connection with this application and 
which are open to public inspection with this 
specification, and the contents of all such papers and 
documents are incorporated herein by reference. 

20 

All of the features disclosed in this specification 
(including any accompanying claims, abstract and 
drawings) , and/or all of the steps of any method or 
process so disclosed, may be combined in any combination, 
25 except combinations where at least some of such features 
and/or steps are mutually exclusive. 

Each feature disclosed in this specification (including 
any accompanying claims, abstract and drawings) , may be 
30 replaced by alternative features serving the same, 
equivalent or similar purpose, unless expressly stated 
otherwise. Thus, unless expressly stated otherwise, each 
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feature disclosed is one example only of a generic series 
of equivalent or similar features. 

The invention is not restricted to the details of the 
foregoing embodiment ( s ) . The invention extend to any novel 
one, or any novel combination, of the features disclosed 
in this specification (including any accompanying claims, 
abstract and drawings) , or to any novel one, or any novel 
combination, of the steps of any method or process so 
disclosed* 



12 



Claims 

1. A credential transfer method for use on a distributed 
electronic network, the method comprising the steps of 
a sender communicating to a recipient a credential 
index comprising an index referring to at least one 
credential, the recipient selecting at least one of 
the credentials from the index of at least one 
credential provided by the sender, the recipient 
communicating to the sender an indication of the 
selected at least one credential and the sender 
providing to the recipient at least one credential 
corresponding to the selected at least one credential. 

2. A credential transfer method according to claim 1, in 
which the method comprises the additional step of 
determining whether the at least one credential is 
sufficient and communicating the result of the 
determination to the sender. 

3. A credential transfer method according to claim 1, in 
which the method comprises the additional step of 
determining a service level according to the at least 
one credential indexed in the credential index and the 
recipient communicating the service level to the 
sender. 

4 . A credential transfer method according to any 
preceding claim, in which the sender communicates a 
plurality of credential indices to the recipient. 



A credential transfer method according to claim 4, in 
which the method comprises the additional step of 
determining a service level according to each of the 
plurality of credential indices communicated to the 
recipient by the sender and communicating the service 
level corresponding to at least one of the credential 
indices to the sender. 

A credential transfer method according to claim 5, in 
which a service level is communicated to the sender 
for each credential index communicated to the 
recipient by the sender. 

A credential transfer method according to any 
preceding claim, in which the credential comprises a 
digital credential . 

A credential transfer method according to any 
preceding claim, in which the credential index 
comprises indices to a plurality of credentials. 

A ""credential transfer method according to claim 8, in 
which the method comprises the additional step of the 
sender selecting a credential index from a plurality 
of available credential indices . 

A method of communication for use on a distributed 
electronic network, which method comprises a 
credential transfer method according to any preceding 
claim. 
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11. A system configured and adapted to operate according 
to any preceding claim. 

12 . A digital credential index comprising an index to at 
5 least one credential . 

13. A digital credential index according to claim 12, in 
which the credential index comprises indices to a 
plurality of credentials. 

10 

14 . A credential transfer method substantially . as 
described herein, with reference to the accompanying 
drawings . 

15 15. A method of communication substantially as described 
herein, with reference to the accompanying drawings. 



16. A digital credential index substantially as described 
herein, with reference to the accompanying drawings. 
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Abstract 

Improvements in and Relating to Credential Transfer 

Methods 

5 

The present invention discloses a credential transfer 
method for use on a distributed electronic network (2) , 
the ' method comprising the steps of a sender (4) 
communicating to a recipient (6) a credential index (300) 

10 comprising an index referring to at least one credential 
(302) , the recipient (6) selecting at least one of the 
credentials (302) from the index (300) of at least one 
credential provided by the sender (4) , the recipient (6) 
communicating to the sender (4) an indication of the 

15 selected at least one credential (302) and the sender (4) 
providing to the recipient (6) at least one credential 
(302) corresponding to the selected at least one 
credential. A corresponding method of communication, 
system and digital credential index are also disclosed. 

20 

Figure 3 
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